Application No. 10/015,902 PATENT 

Amendment dated May 7, 2007 

Amendment under 37 CFR 1.116 Expedited Procedure 

Examining Group 2136 

Amendments to the Claims: 

This listing of claims will replace all prior versions and listings of claims in the 

application. 
Listing of Claims: 

1 . (Currently Amended) A method for operating an access control system to 
camouflage a secret so as to be accessible by an authorized user yet protected against 
unauthorized access, said method comprising the steps of: 

(a) representing in digital form a secret to be protected against unauthorized 

access; 

(b) storing a plurality of computer-represented objects related to said secret; 

(i) at least one of said objects being accessible by an authorized user 

as a password; 

(ii) at least another of said objects being stored in a computer-readable 
wallet accessible to said access control system; and 

(c) representing said secret as a function of said plurality of objects, using a 
composition function; and 

(d) storing, in a computer-readable memory, said composition function: 

(i) in a manner accessible to said access control system; 

(ii) so as to be executable to generate a candidate secret using a user- 
inputted candidate password in conjunction with at least said another object stored in said wallet; 

(iii) wherein said candidate secret comprises a pseudo-valid 
generating a bogus secret configured to camouflage said secret if said candidate password is not 
said password; and 

(iv) wherein said candidate secret comprises regenerating said 
secret if said candidate password is said password; 

thereby protecting said secret against unauthorized access by camouflaging the 
secret from persons not having said password. 
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2. (Original) The method of claim 1 further comprising effecting a multilevel 
camouflaging scheme by camouflaging said at least another object stored in said wallet. 

3. (Original) The method of claim 1 where: 

(a) said secret represents linkage information among nodes of a network; 

(b) said object accessible by an authorized user is a first graph representing at 
least a portion of said linkage information; and 

(c) said object stored in said wallet is a second graph representing at least a 
portion of said linkage information; and 

(d) said composition function accepts as operands at least said first and 

second graphs. 

4. (Original) The method of claim 1 where: 

(a) said secret represents at least one possible state of a system expressible as 
a Boolean logic function; 

(b) said object accessible by an authorized user is a first matrix representing at 
least one of said states of said Boolean function; 

(c) said object stored in said wallet is a second matrix representing at least 
one of said states of said Boolean function; and 

(d) said composition function accepts as operands at least said first and 
second matrices. 

5. (Original) The method of claim 1 where: 

(i) said secret is a private key of said user; 

(ii) said object accessible by said user is a PIN of said user; 

(iii) said another object stored in said wallet is a pseudo-valid PIN; and 

(iv) said candidate secret has the structural form of a private key. 
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6. (Currently Amended) A method for operating an access control system to release 
a secret camouflaged to be accessible to an authorized user yet protected against unauthorized 
access, said method comprising the steps of: 

(a) accessing a plurality of computer-represented objects related to a secret; 

(i) at least one of said objects being accessible by an authorized user 

as a password; 

(ii) at least another of said objects being stored in a computer-readable 
wallet accessible to said access control system; and 

(b) accessing a composition function representing said secret as a function of 
said plurality of objects; 

(c) receiving a candidate password inputted by a user; 

(d) generating a candidate secret for said user by executing said composition 
function using as operands thereto said candidate password in conjunction with at least said 
another object stored in said wallet; 

(i) wherein said candidate secret comprises a pseudo-valid 
generating a bogu s secret configured to camouflage said secret if said candidate password is not 
said password; 

(ii) wherein said candidate secret comprises regenerating said 
secret if said candidate password is said password; and 

(e) outputting said candidate secret to said user of said access control system. 

7. (Currently Amended) The method of claim 6 where in said step (d )(i ) said 
pseudo-valid bogus secret is configured to deceive an unauthorized user into believing that said 
pseudo-valid bogus secret is said secret. 
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8. (Original) The method of claim 6 where: 

(a) said secret represents linkage information among nodes of a network; 

(b) said object accessible by an authorized user is a first graph representing at 
least a portion of said linkage information; 

(c) said object stored in said wallet is a second graph representing at least a 
portion of said linkage information; and 

(d) said composition function accepts as operands at least said first and 

second graphs. 

9. (Original) The method of claim 6 where: 

(a) said secret represents at least one possible state of a system expressible as 
a Boolean logic function; 

(b) said object accessible by an authorized user is a first array representing at 
least one of said states of said Boolean function; and 

(c) said object stored in said wallet is a second array representing at least 
another of said states of said Boolean function; and 

(d) said composition function accepts as operands at least said first and 

second arrays. 

10. (Original) The method of claim 6 where: 

(i) said secret is a private key of said user; 

(ii) said object accessible by said user is a PIN of said user; 

(iii) said another object stored in said wallet is a pseudo-valid PIN; and 

(iv) said candidate secret has the structural form of a private key. 
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1 1 . (Currently Amended) A method for operating an access control system to protect 
state information against unauthorized access, said method comprising the steps of: 

(a) obtaining state information represented in digital form; 

(b) deriving from said state information a first matrix; 

(c) storing said first matrix as a password usable by an authorized user; 

(d) deriving from said state information a second matrix; 

(e) storing said second matrix in a computer-readable wallet accessible to said 
access control system; and 

(f) storing, in a computer-readable memory, a composition function 
executable to generate a candidate matrix using a user-inputted candidate password in 
conjunction with said second matrix; 

(i) wherein said candidate matrix comprises a pseudo-valid 
generating a bogus matrix configured to camouflage said matrix if said candidate password is 
not said password; and 

(ii) wherein said candidate matrix comprises regenerating said 
matrix if said candidate password is said password; 

thereby protecting said state information against unauthorized access by 
camouflaging said matrix from persons not having said password. 

12. (Original) The method of claim 1 1 further comprising effecting a multilevel 
access control scheme by camouflaging said second matrix. 

13. (Original) The method of claim 1 1 where said state information includes a graph 
representing the status of a network characterized by nodes and links among at least some of said 
nodes. 

14. (Original) The method of claim 13 used to protect an arbitrary secret 
representable in digital form, by representing said secret as interconnections among certain of 
said nodes, said interconnections being represented by values of said graph. 
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15. (Original) The method of claim 14 where said graph, if expressed as a matrix in 
row- or column-major order, would comprise an array having values representing said secret. 

16. (Original) The method of claim 14 where said representing said secret includes 
padding said secret with sufficient bits to form a perfect square. 

17. (Original) The method of claim 13 where said graph is an undirected graph. 

18. (Original) The method of claim 13 where said graph is a directed graph. 

19. (Original) The method of claim 1 1 where said state information comprises at least 
an array including a plurality of output values of a Boolean function, each output value 
corresponding to a unique sequence of input values for operands of said Boolean function. 

20. (Original) The method of claim 19 where said state information further includes 
said sequences of input values corresponding to each of said output values. 

2 1 . (Original) The method of claim 1 9 where: 

(a) said first and second matrices comprise arrays; and 

(b) said state information array represents output values of a Boolean 
function, said output values being ordered in a manner corresponding to a known but unstored 
hierarchy of sequences of possible input values to said Boolean function. 

22. (Original) The method of claim 19 used to protect an arbitrary secret expressed in 
digital form, by representing said secret as the values of said state information array. 

23. (Original) The method of claim 22 where said representing said secret includes 
padding said secret with sufficient bits to form an integer power of a base used in the 
computational logic of the access control system. 
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24. (Currently Amended) A method for operating an access control system to protect 
state information against unauthorized access, said method comprising the steps of: 

(a) retrieving a first matrix related to said state information from a computer- 
readable wallet accessible to said access control system; 

(b) accessing a composition function representing said state information as a 
function of said first matrix and a password stored as a second matrix; 

(c) receiving a candidate password inputted by a user; 

(d) generating candidate state information for said user by executing said 
composition function using as operands thereto said candidate password in conjunction with at 
least said first matrix stored in said wallet; 

(i) wherein said candidate state information comprises pseudo- 
valid generating bogu s state information to camouflage said state information if said candidate 
password is not said password; 

(ii) wherein said candidate state information comprises 
regenerating said state information if said candidate password is said password; and 

(e) outputting said candidate state information or bogus candidate state 
information to said user of said access control system. 

25. (Original) The method of claim 24 where at least one of said matrices is an array 
represented using row- or column-major ordering. 

26. (Original) The method of claim 24 where at least one of said matrices is stored on 
a smart card accessible to said user. 

27. (Original) The method of claim 24 where said state information includes a graph 
representing the status of a network characterized by nodes and links among at least some of said 
nodes. 

28. (Original) The method of claim 27 where said graph takes the form of an 
adjacency matrix. 
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29. (Original) The method of claim 27 where said composition function includes 
graph addition. 

30. (Original) The method of claim 27 where said composition function includes a 
graph product operation. 

3 1 . (Original) The method of claim 27 used to protect an arbitrary secret 
representable in digital form, by representing said secret as interconnections among certain of 
said nodes, said interconnections being represented by values of said graph. 

32. (Original) The method of claim 3 1 where said graph, if expressed as a matrix in 
row- or column-major order, would comprise an array having values equal to said secret. 

33. (Original) The method of claim 27 where said network includes elements of a 
physical network. 

34. (Original) The method of claim 27 where said network includes elements of a 
logical network. 

35. (Original) The method of claim 24 where said state information comprises at least 
an array including a plurality of output values of a Boolean function, each output value 
corresponding to a unique sequence of input values for operands of said Boolean function. 

36. (Original) The method of claim 35 where said state information further includes 
said sequences of input values corresponding to each of said output values. 

37. (Original) The method of claim 35 where: 

(a) said first and second matrices comprise arrays; and 

(b) said state information array represents output values of a Boolean 
function, said output values being ordered in a manner corresponding to a known but unstored 
hierarchy of sequences of possible input values to said Boolean function. 
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38. (Original) The method of claim 37 used to protect an arbitrary secret expressed in 
digital form, by representing said secret as the values of said state information array. 

39. (Currently Amended) A computer-readable medium containing logic instructions 
for operating an access control system to camouflage a secret so as to be accessible by an 
authorized user yet protected against unauthorized access, said logic instructions when executed: 

(a) representing in digital form a secret to be protected against unauthorized 

access; 

(b) storing a plurality of computer-represented objects related to said secret; 

(i) at least one of said objects being accessible by an authorized user 

as a password; 

(ii) at least another of said objects being stored in a computer-readable 
wallet accessible to said access control system; and 

(c) representing said secret as a function of said plurality of objects, using a 
composition function; and 

(d) storing, in a computer-readable memory, said composition function: 
(i) in a manner accessible to said access control system; 

(if) so as to be executable to generate a candidate secret using a user- 
inputted candidate password in conjunction with at least said another object stored in said wallet; 

(iii) wherein said candidate secret comprises a pseudo-valid 
generating a bogus secret to camouflage said secret if said candidate password is not said 
password; and 

(iv) wherein said candidate secret comprises regenerating said 
secret if said candidate password is said password; 

thereby protecting said secret against unauthorized access by persons not having 

said password. 
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40. (Original) The computer-readable medium of claim 39 where: 

(a) said secret represents linkage information among nodes of a network; 

(b) said object accessible by an authorized user is a first graph representing at 
least a portion of said linkage information; and 

(c) said object stored in said wallet is a second graph representing at least a 
portion of said linkage information; and 

(d) said composition function accepts as operands at least said first and 

second graphs. 

41 . (Original) The computer-readable medium of claim 39 where: 

(a) said secret represents at least one possible state of a system expressible as 
a Boolean logic function; 

(b) said object accessible by an authorized user is a first matrix representing at 
least one of said states of said Boolean function; 

(c) said object stored in said wallet is a second matrix representing at least 
one of said states of said Boolean function; and 

(d) said composition function accepts as operands at least said first and 
second matrices. 

42. (Currently Amended) A computer-readable medium containing logic instructions 
for operating an access control system to release a secret camouflaged to be accessible to an 
authorized user yet protected against unauthorized access, said logic instructions when executed: 

(a) accessing a plurality of computer-represented objects related to a secret; 

(i) at least one of said objects being accessible by an authorized user 

as a password; 

(ii) at least another of said objects being stored in a computer-readable 
wallet accessible to said access control system; and 

(b) accessing a composition function representing said secret as a function of 
said plurality of objects; 
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(c) receiving a candidate password inputted by a user; 

(d) generating a candidate secret for said user by executing said composition 
function using as operands thereto said candidate password in conjunction with at least said 
another object stored in said wallet; 

(i) wherein said candidate secret comprises a pseudo-valid 
generating a bogus secret configured to camouflage said secret if said candidate password is not 
said password; 

(ii) wherein said candidate secret comprises regenerating said 
secret if said candidate password is said password; and 

(e) outputting said candidate secret to said user of said access control system. 

43. (Original) The computer-readable medium of claim 42 where: 

(a) said secret represents linkage information among nodes of a network; 

(b) said object accessible by an authorized user is a first graph representing at 
least a portion of said linkage information; 

(c) said object stored in said wallet is a second graph representing at least a 
portion of said linkage information; and 

(d) said composition function accepts as operands at least said first and 

second graphs. 

44. (Original) The computer-readable medium of claim 42 where: 

(a) said secret represents at least one possible state of a system expressible as 
a Boolean logic function; 

(b) said object accessible by an authorized user is a first array representing at 
least one of said states of said Boolean function; and 

(c) said object stored in said wallet is a second array representing at least 
another of said states of said Boolean function; and 

(d) said composition function accepts as operands at least said first and 

second arrays. 
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45. (Currently Amended) A computer-readable medium containing logic instructions 
for operating an access control system to protect state information against unauthorized access, 
said logic instructions when executed: 

(a) obtaining state information represented in digital form; 

(b) deriving from said state information a first matrix; 

(c) storing said first matrix as a password usable by an authorized user; 

(d) deriving from said state information a second matrix; 

(e) storing said second matrix in a computer-readable wallet accessible to said 
access control system; and 

(f) storing, in a computer-readable memory, a composition function 
executable to generate a candidate matrix using a user-inputted candidate password in 
conjunction with said second matrix; 

(i) wherein said candidate matrix comprises a pseudo-valid 
generating a bogus matrix configured to camouflage the matrix if said candidate password is 
not said password; and 

(ii) wherein said candidate matrix comprises regenerating said 
state information if said candidate password is said password; 

thereby protecting said state information against unauthorized access by persons 
not having said password. 

46. (Original) The computer-readable medium of claim 45 where said state 
information includes a graph representing the status of a network characterized by nodes and 
links among at least some of said nodes. 

47. (Original) The computer-readable medium of claim 45 where said state 
information comprises at least an array including a plurality of output values of a Boolean 
function, each output value corresponding to a unique sequence of input values for operands of 
said Boolean function. 
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48. (Currently Amended) A computer-readable medium containing logic instructions 
for operating an access control system to protect state information against unauthorized access, 
said logic instructions when executed: 

(a) retrieving a first matrix related to said state information from a computer- 
readable wallet accessible to said access control system; 

(b) accessing a composition function representing said state information as a 
function of said first matrix and a password stored as a second matrix; 

(c) receiving a candidate password inputted by a user; 

(d) generating candidate state information for said user by executing said 
composition function using as operands thereto said candidate password in conjunction with at 
least said first matrix stored in said wallet; 

(i) wherein said candidate state information comprises pseudo- 
valid generating said bogus state information configured to camouflage said state information if 
said candidate password is not said password; 

(ii) wherein said candidate state information comprises 
regenerating said state information if said candidate password is said password; and 

(e) outputting said candidate state information to said user of said access 

control system. 

49. (Original) The computer-readable medium of claim 48 where said state 
information includes a graph representing the status of a network characterized by nodes and 
links among at least some of said nodes. 

50. (Original) The computer-readable medium of claim 48 where said state 
information comprises at least an array including a plurality of output values of a Boolean 
function, each output value corresponding to a unique sequence of input values for operands of 
said Boolean function. 
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5 1 . (Currently Amended) An access control server configured to camouflage a secret 
so as to be accessible by an authorized user yet protected against unauthorized access, 
comprising: 

(a) a computer processor; 

(b) an interface configured to receive in digital form a secret to be protected 
against unauthorized access; 

(c) a memory configured to store a plurality of computer-represented objects 
related to said secret; 

(i) at least one of said objects being accessible by an authorized user 

as a password; 

(ii) at least another of said objects being stored in a computer-readable 
wallet accessible to said access control system; and 

(d) a memory configured to store a composition function representing said 
secret as a function of said plurality of objects: 

(i) in a manner accessible to said access control system; 

(ii) so as to be executable by said processor to generate a candidate 
secret using a user- inputted candidate password in conjunction with at least said another object 
stored in said wallet; 

(hi) wherein said generated candidate comprises a pseudo-valid 
secret configured to camouflage not regenerating said secret if said candidate password is not 
said password; and 

(iv) wherein said generated candidate secret comprises regenerating 

said secret if said candidate password is said password; 

thereby protecting said secret against unauthorized access by persons not having 

said password. 
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52. (Currently Amended) An access control server to release a secret camouflaged to 
be accessible to an authorized user yet protected against unauthorized access, comprising: 

(a) a memory configured to store a plurality of computer-represented objects 
related to a secret; 

(i) at least one of said objects being accessible by an authorized user 

as a password; 

(ii) at least another of said objects being stored in a computer-readable 
wallet accessible to said access control server; and 

(b) a memory configured to store a composition function representing said 
secret as a function of said plurality of objects; 

(c) an interface configured to receive a candidate password inputted by a user; 

(d) a computer processor configured to execute said composition function to 
generate a candidate secret for said user by using as operands thereto said candidate password in 
conjunction with at least said another object stored in said wallet; 

(i) wherein said candidate secret comprises a pseudo-valid 
generating bogu s secret configured to camouflage said secret if said candidate password is not 
said password; 

(ii) wherein said candidate secret comprises regenerating said 
secret if said candidate password is said password; and 

(e) an interface configured to output said candidate secret to said user of said 
access control server. 

53. (Currently Amended) An access control server to protect state information against 
unauthorized access, comprising: 

(a) a computer processor; 

(b) an interface configured to obtain state information represented in digital 

form; 

(c) a decomposition module configured to decompose said state information 
into at least a first matrix and a second matrix; 
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(d) a memory configured to store said first matrix as a password usable by an 
authorized user; 

(e) a memory configured to store said second matrix in a computer-readable 
wallet accessible to said access control server; and 

(f) a memory configured to store a composition function executable by said 
processor to generate a candidate matrix using a user-inputted candidate password in conjunction 
with said second matrix; 

(i) wherein said candidate state information comprises pseudo- 
valid generating bogus state information to camouflage said state information if said candidate 
password is not said password; and 

(ii) wherein said candidate state information comprises 
regenerating said state information if said candidate password is said password; 

thereby camouflaging said state information to protect said state information 
against unauthorized access by persons not having said password. 

54. (Currently Amended) An access control server to protect state information against 
unauthorized access, comprising: 

(a) a computer-readable wallet configured to store a first matrix related to said 
state information accessible to said access control server; 

(b) a memory configured to store a composition function representing said 
state information as a function of said first matrix and a password stored as a second matrix; 

(c) an interface configured to receive a candidate password inputted by a user; 

(d) a computer processor configured to execute said composition function to 
generate candidate state information for said user by using as operands to said composition 
function said candidate password in conjunction with at least said first matrix stored in said 
wallet; 

(i) wherein said candidate state information comprises pseudo- 
valid generating bogus state information to camouflage said state information if said candidate 
password is not said password; 



Page 17 of 28 



Application No. 1 0/0 1 5,902 

Amendment dated May 7, 2007 

Amendment under 37 CFR 1.116 Expedited Procedure 

Examining Group 2136 



(ii) wherein said candidate state information comprises 
regenerating said state information if said candidate password is said password; and 

(e) an interface configured to output said candidate state information to said 
user of said access control server. 

55. (Currently Amended) An access control system to camouflage a secret so as to be 
accessible by an authorized user yet protected against unauthorized access, comprising: 

(a) means for representing in digital form a secret to be protected against 
unauthorized access; 

(b) means for storing a plurality of computer-represented objects related to 

said secret; 

(i) at least one of said objects being accessible by an authorized user 

as a password; 

(ii) at least another of said objects being stored in a computer-readable 
wallet accessible to said access control system; and 

(c) means for representing said secret as a function of said plurality of objects, 
using a composition function; and 

(d) means for storing, in a computer-readable memory, said composition 

function: 

(i) in a manner accessible to said access control system; 

(ii) so as to be executable to generate a candidate secret using a user- 
inputted candidate password in conjunction with at least said another object stored in said wallet; 

(iii) wherein said candidate secret comprises a pseudo-valid 
generating a bogus secret configured to camouflage said secret if said candidate password is not 
said password; and 

(iv) wherein said candidate secret comprises regenerating said 
secret if said candidate password is said password; 

thereby camouflaging said secret to protect said secret against unauthorized 
access by persons not having said password. 
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56. (Currently Amended) An access control system releasing a secret camouflaged to 
be accessible to an authorized user yet protecting against unauthorized access, said method 
comprising the steps of: 

(a) means for accessing a plurality of computer-represented objects related to 

a secret; 

(i) at least one of said objects being accessible by an authorized user 

as a password; 

(ii) at least another of said objects being stored in a computer-readable 
wallet accessible to said access control system; and 

(b) means for accessing a composition function representing said secret as a 
function of said objects; 

(c) means for receiving a candidate password inputted by a user; 

(d) means for generating a candidate secret for said user by executing said 
composition function using as operands thereto said candidate password in conjunction with at 
least said another object stored in said wallet; 

(i) wherein said candidate secret comprises a pseudo-valid 
generating a bogu s secret configured to camouflage said secret if said candidate password is not 
said password; 

(ii) wherein said candidate secret comprises regenerating said 
secret if said candidate password is said password; and 

(e) means for outputting said candidate secret to said user of said access 

control system. 

57. (Currently Amended) An access control system to protect state information 
against unauthorized access, comprising: 

(a) means for obtaining state information represented in digital form; 

(b) means for deriving from said state information a first matrix; 

(c) means for storing said first matrix as a password usable by an authorized 
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(d) means for deriving from said state information a second matrix; 

(e) means for storing said second matrix in a computer-readable wallet 
accessible to said access control system; and 

(f) means for storing, in a computer-readable memory, a composition 
function executable to generate a candidate matrix using a user-inputted candidate password in 
conjunction with said second matrix; 

(i) wherein said candidate state information comprises pseudo- 
valid generating bogu s state information configured to camouflage said state information if said 
candidate password is not said password; and 

(ii) wherein said candidate secret comprises regenerating said state 
information if said candidate password is said password; 

thereby camouflaging said state information to protect said state information 
against unauthorized access by persons not having said password. 

58. (Currently Amended) An access control system to protect state information 
against unauthorized access, comprising: 

(a) means for retrieving a first matrix related to said state information from a 
computer-readable wallet accessible to said access control system; 

(b) means for accessing a composition function representing said state 
information as a function of said first matrix and a password stored as a second matrix; 

(c) means for receiving a candidate password inputted by a user; 

(d) means for generating candidate state information for said user by 
executing said composition function using as operands thereto said candidate password in 
conjunction with at least said first matrix stored in said wallet; 

(i) wherein said candidate state information comprises pseudo- 
valid generating bogus state information configured to camouflage said state information if said 
candidate password is not said password; 

(ii) wherein said candidate secret comprises regenerating said state 
information if said candidate password is said password; and 
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(e) means for outputting said candidate state information to said user of said 
access control system. 

59. (Currently Amended) A method for operating an access control system to protect 
a secret against unauthorized access, said method comprising the steps of: 

(a) obtaining a secret in digital form; 

(b) modeling said secret as a graph; 

(c) camouflaging said secret by decomposing said graph into: 

(i) a first sub-graph to be distributed as a password to an authorized 
user of said system; and 

(ii) a second sub-graph to be stored in a manner accessible to said 

system; 

(iii) by relating said first and second sub-graphs to said graph via a 
composition function configured to regenerate said secret using a user-inputted candidate 
password in conjunction with said second sub-graph when said candidate password is said 
password and generate a pseudo-valid bogus secret to camouflage said secret when said 
candidate password is not said password; and 

(d) storing said camouflaged secret for subsequent access by a user; 
thereby camouflaging said secret against unauthorized access by persons not 

having said password. 

60. (Currently Amended) A method for operating an access control system to protect 
a secret against unauthorized access, said method comprising the steps of: 

(a) obtaining a secret in digital form; 

(b) modeling said secret as a matrix representing at least a portion of a truth 
table corresponding to a Boolean function; 

(c) camouflaging said secret by decomposing said matrix into: 

(i) a first portion to be distributed as a password to an authorized user 

of said system; and 
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(ii) a second portion to be stored in a manner accessible to said system; 

(iii) by relating said first and second portions to said matrix via a 
composition function configured to regenerate said secret using a user-inputted candidate 
password in conjunction with said second portion when said candidate password is said 
password and generate a pseudo-valid bogus secret to camouflage said secret when said 
candidate password is not said password; and 

(d) storing said camouflaged secret for subsequent access by a user; 
thereby camouflaging said secret against unauthorized access by persons not 
having said password. 

6 1 . (Currently Amended) A method for operating an access control system to protect 
a secret against unauthorized access, said method comprising the steps of: 

(a) retrieving, from a computer-readable wallet, a first sub-graph: 

(i) related to a secret camouflaged as a graph by said system; and 

(ii) accessible to an authorized user as a password; 

(b) accessing a composition function representing said secret as a function of 
said first sub-graph and a stored second sub-graph accessible to said system; 

(c) receiving a candidate password inputted by a user; 

(d) generating a candidate secret for said user by executing said composition 
function using as operands thereto said candidate password in conjunction with at least said first 
sub-graph; 

(i) wherein said candidate secret comprises a pseudo-valid 
generating a bogus secret in lieu of said secret to camouflage said secret if said candidate 
password is not said password; 

(ii) wherein said candidate secret comprises regenerating said 
secret if said candidate password is said password; and 

(e) outputting said candidate secret to said user of said access control system. 
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62. (Currently Amended) A method for operating an access control system to protect 
a secret against unauthorized access, said method comprising the steps of: 

(a) retrieving, from a computer-readable wallet, a first matrix: 

(i) related to a secret camouflaged as a Boolean function by said 

system; and 

(ii) accessible to an authorized user as a password; 

(b) accessing a composition function representing said secret as a function of 
said first matrix and a stored second matrix accessible to said system; 

(c) receiving a candidate password inputted by a user; 

(d) generating a candidate secret for said user by executing said composition 
function using as operands thereto said candidate password in conjunction with at least said first 
matrix; 

(i) wherein said candidate secret comprises a pseudo-valid 
generating a bogus secret configured to camouflage said secret if said candidate password is not 
said password; 

(ii) wherein said candidate secret comprises regenerating said 
secret if said candidate password is said password; and 

(e) outputting said candidate secret to said user of said access control system. 

63. (Currently Amended) A computer-readable medium containing logic instructions 
for operating an access control system to protect a secret against unauthorized access, said logic 
instructions when executed: 

(a) obtaining a secret in digital form; 

(b) modeling said secret as a graph; 

(c) camouflaging said secret by decomposing said graph into: 

(i) a first sub-graph to be distributed as a password to an authorized 
user of said system; and 

(ii) a second sub-graph to be stored in a manner accessible to said 

system; 
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(iii) by relating said first and second sub-graphs to said graph via a 
composition function configured to regenerate said secret using a user-inputted candidate 
password in conjunction with said second sub-graph when said candidate password is said 
password and generating a pseudo-valid bogus secret to camouflage said secret when said 
candidate password is not said password; and 

(d) storing said camouflaged secret for subsequent access by a user; 

thereby camouflaging said secret against unauthorized access by persons not 
having said password. 

64. (Currently Amended) A computer-readable medium containing logic instructions 
for operating an access control system to protect a secret against unauthorized access, said logic 
instructions when executed: 

(a) obtaining a secret in digital form; 

(b) modeling said secret as a matrix representing at least a portion of a truth 
table corresponding to a Boolean function; 

(c) camouflaging said secret by decomposing said matrix into: 

(i) a first portion to be distributed as a password to an authorized user 

of said system; and 

(ii) a second portion to be stored in a manner accessible to said system; 

(iii) by relating said first and second portions to said matrix via a 
composition function configured to regenerate said secret using a user-inputted candidate 
password in conjunction with said second portion when said candidate password is said 
password and generating a pseudo-valid bogus secret to camouflage said secret when said 
candidate password is not said password; and 

(d) storing said camouflaged secret for subsequent access by a user; 
thereby camouflaging said secret against unauthorized access by persons not 

having said password. 
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65. (Currently Amended) A computer-readable medium containing logic instructions 
for operating an access control system to protect a secret against unauthorized access, said logic 
instructions when executed: 

(a) retrieving, from a computer-readable wallet, a first sub-graph: 

(i) related to a secret camouflaged as a graph by said system; and 

(ii) accessible to an authorized user as a password; 

(b) accessing a composition function representing said secret as a function of 
said first sub-graph and a stored second sub-graph accessible to said system; 

(c) receiving a candidate password inputted by a user; 

(d) generating a candidate secret for said user by executing said composition 
function using as operands thereto said candidate password in conjunction with at least said first 
sub-graph; 

(i) wherein said candidate secret comprises a pseudo-valid 
generating a bogus secret configured to camouflage said secret if said candidate password is not 
said password; 

(ii) wherein said candidate secret comprises regenerating said 
secret if said candidate password is said password; and 

(e) outputting said candidate secret to said user of said access control system. 

66. (Currently Amended) A computer-readable medium containing logic instructions 
for operating an access control system to protect a secret against unauthorized access, said logic 
instructions when executed: 

(a) retrieving, from a computer-readable wallet, a first matrix: 

(i) related to a secret camouflaged as a Boolean function by said 

system; and 

(ii) accessible to an authorized user as a password; 

(b) accessing a composition function representing said secret as a function of 
said first matrix and a stored second matrix accessible to said system; 

(c) receiving a candidate password inputted by a user; 
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(d) generating a candidate secret for said user by executing said composition 
function using as operands thereto said candidate password in conjunction with at least said first 
matrix; 

(i) wherein said candidate secret comprises a pseudo-valid 
generating a bogus secret configured to camouflage said secret if said candidate password is not 
said password; 

(ii) wherein said candidate secret comprises regenerating said 
secret if said candidate password is said password; and 

(e) outputting said candidate secret to said user of said access control system. 
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